TEMPEST Attacks Informative - Electromagnetic Security

EVERYWHERE -- All your security software and/or hardware will not protect you from TEMPEST Attacks.

TEMPEST Attacks has been used by well-equipped opponents involves the remote detection of the electromagnetic signals from your computer. This expensive and somewhat labor-intensive attack is probably still cheaper than direct cryptanalytic attacks. An appropriately instrumented van can park near your office and remotely pick up all of your keystrokes and messages displayed on your computer video screen.

1991 First American broadcast of electromagnetic eavesdropping is shown on Geraldo Rivera's "Now! It can be told" show, performed by Winn Schwartau; Jim Carter, in coordination with Benjamin Franklin Savings and Loan, demonstrates successful attack on Diebold ATM machine using TEMPEST;

2001 In Kyllo v. US, U.S. Supreme Court rules against unwarranted infrared detection by law enforcement against private homes.

Just remember, effective emanation security begins with the physical environment. Unless you can shield the wiring (telephone lines, electrical wiring, network cables, etc.), all of the copper around your PC and in the walls isn't going to stop emanations from leaking to the outside world.

Thank you, HappyJoyBear, for an informative article. I have never heard of TEMPEST Attacks, but I know now! I would also suggest using auto form fillings program such as "AI Roboform" to automatically fill forms in websites with personal information, to prevent capturing keystrokes. Please read my great software review on "AI Roboform."

Posted by Anonymous on 2007-09-14:

You are welcome. I will check it out...

Posted by MRM on 2007-09-14:

I would like to mention with AI Roboform, you can also use the program on a USB flash drive, so that when you are using a public computer, such as at the library or at Kinko's, you are not using the keyboard to type in personal information, such credit card numbers or passwords. The program will automatically fill in the forms for you. If your flash drive ever get lost or stolen, dont worry: unauthorized user will need to enter the master password to use AI Roboform and the personal information is AES encrypted. I cannot say this enough but AI Roboform is AWESOME!

Posted by Anonymous on 2007-09-14:

Good feature but I do not shop or access personal information on a public terminal. It is just too risky.

Posted by MRM on 2007-09-14:

I agree, I only check my emails on public computer, but when Im at work, I do enter other personal information, such as credit card number, using AI Roboform.

Posted by Anonymous on 2007-09-14:

Big brothers are watching @ most work places. I do not access public internet via my work PC. I setup a VPN tunnel to my home server and X11 (SSH2) forwarding Remote Desktop service back to my work PC.

The pipe and the data are both encrypted.

Posted by Anonymous on 2007-09-14:

Good review Happy and very informative.

Posted by Anonymous on 2007-09-14:

Good review Bear. The VPN is a very secure way to keep prying eyes off your shoulder.